Re: ASR configuration

zeppa · ‎02-23-2005

Hello,

I'm configuring two CSS11501 in High Availability. Both devices run the version 7.30.0.05 (Standard Feature Set) of the management software.

The general project’s requirements for the CSSs are:

A) Balance the requests to the two Front-End machine

B) Maintain the session (HA) in the case that a CSS goes down during a work session (online stock trading).

Premising that the first tie is the High Availability, I’d want to configure the couple of CSSs in ASR (Adaptive Session Redundancy).

So, it's the following configuration right?

For the MASTER...

!*************** GLOBAL *************

global-portmap base-port 30000 range 30000

ip route 0.0.0.0 0.0.0.0 10.24.36.35 1

!************* INTERFACE ****************

interface e7

isc-port-one

interface e8

bridge vlan 2

!**************** CIRCUIT ******************

circuit VLAN1

ip address 192.168.22.2 255.255.255.0

ip redundant-interface 10 192.168.22.1

circuit VLAN2

ip address 10.24.36.40 255.255.255.0

ip virtual-router 10 priority 110 preempt

ip redundant-vip 10 10.24.36.42

!************ SERVICE ******************

service aix_1

ip address 192.168.22.130

protocol tcp

port 80

keepalive type http

redundant-index 1

active

service aix_2

ip address 192.168.22.131

protocol tcp

port 80

keepalive type http

redundant-index 2

active

!*********** OWNER **********************

owner My_owner

content Web

vip address 10.24.36.42

protocol tcp

port 80

url "/*"

add service aix_1

add service aix_2

redundant-index 3

active

And, for the backup...

!**************** GLOBAL ***********************

global-portmap base-port 33100 range 30000

ip route 0.0.0.0 0.0.0.0 10.24.36.35 1

!*************** INTERFACE ********************

interface e7

isc-port-one

interface e8

bridge vlan 2

!*************** CIRCUIT **************

circuit VLAN1

ip address 192.168.22.3 255.255.255.0

ip redundant-interface 10 192.168.22.1

circuit VLAN2

ip address 10.24.36.41 255.255.255.0

ip virtual-router 10 priority 90

ip redundant-vip 10 10.24.36.42

!***************** SERVICE ********************

service aix_1

ip address 192.168.22.130

protocol tcp

port 80

keepalive type http

redundant-index 1

active

service aix_2

ip address 192.168.22.131

protocol tcp

port 80

keepalive type http

redundant-index 2

active

!**************** OWNER ******************

owner My_owner

content Web

vip address 10.24.36.42

protocol tcp

port 80

url "/*"

add service aix_1

add service aix_2

redundant-index 3

active

--------------------------------------------------

Moreover, what can I do to obtain much HA?

Thanks

Regards

Gilles Dufour · ‎02-24-2005

There is just a simple mistake.

You need a virtual router per circuit vlan.

You can reuse the same virtual router id, but it needs to be configured on vlan 1 as well as vlan 2.

Then, you may want to configure 'ip critical-service' to define when to failover - ie: when you lose the gateway.

Using the same critical service on both interface is what will tie the 2 virtual router together [in order to fail both interface at the same time].

Regards,

Gilles.

zeppa · ‎02-24-2005

Dear Gilles,

thank you for your answer!

If I have well understood your suggestion I have to configure two vrrp processes: one on the front-end VLAN (where the VIP for the clients is located) and the other one on the back-end VLAN (where the server farm is located). Am I right?

Isn't sufficient to assign the same id to the two vrrp process to obtain the "fate sharing" for the two virtual gateways?

If not, which commands shall I add to the configuration I have sent to you ?

Second:

> Then, you may want to configure 'ip critical-

> service' to define when to failover

How can I associate a critical-service to an interface?

Moreover, on te front-end I can check the default gateway, but on the back-end what can I check?

Thank you very much!

regards,

Emiliano

Gilles Dufour · ‎02-24-2005

Emiliano.

VRRP is the same as VRRP or HSRP on a router.

You need 1 process per vlan.

The id is only used to distinguish different instance of the protocol running on the same vlan.

It is not used to tie processes together.

You need to use the same critical service to do this.

The assign a critical service, the command is simply 'ip critical-service' under the vlan configuration.

Searching our website will give you information on how to do this exactly.

On the front-end you usually use the gateway, on the back-end, you can ping your own interface [to detect if the interface is alive], or you can check a few very critical servers, or a switch.

Regards,

Gilles.

zeppa · ‎03-03-2005

Dear Gilles,

I have create a critical-service on each css in this way:

service upstream_downstream

ip address 10.24.36.254

keepalive type script ap-kal-pinglist "10.24.36.35 192.168.22.2"

keepalive frequency 2

keepalive maxfailure 2

keepalive retryperiod 2

redundant-index 7

active

where:

- 10.24.36.254 is a fictitious address (not esist)

- 10.24.36.35 is the defaul gateway for the css

- 192.168.22.2 is the address of the css interface on the back-end.

So, to use that critical-service...

circuit VLAN1 (back-end)

ip address 192.168.22.2 255.255.255.0

ip virtual-router 10 priority 110 preempt

ip redundant-interface 10 192.168.22.1

ip critical-service 10 upstream_downstream

circuit VLAN2 (front-end)

ip address 10.24.36.40 255.255.255.0

ip virtual-router 11 priority 110 preempt

ip redundant-vip 11 10.24.36.42

ip critical-service 11 upstream_downstream

Am I right?

Thank you very much!

Regards,

Emiliano